Fortinet customers have been urged to update their FortiClient Enterprise Management Server (EMS) products after the vendor was forced to issue an emergency patch over the weekend. CVE-2026-35616 is a critical (CVSS 9.1) improper access control vulnerability which could allow an unauthenticated… Read More "Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploit"
Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams 29 Oct 2025 Can you tell what’s real online? It’s become increasingly difficult as advances in AI and… Read More "Cybersecurity Awareness Month 2025: When seeing isn’t believing"
A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated actor that usually exploits the window between vulnerability disclosure and patch… Read More "Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks"
Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically 30 Oct 2025 • , 6 min. read When we talk about fraud that can inflict a severe financial and emotional toll on the… Read More "How to help older family members avoid scams"
Cyber-enabled fraud cost victims over $17.7 billion during 2025, as financial losses to internet-enabled cybercrime continues to grow. Overall, cyber-enabled crimes cost US citizens $21bn. Published on April 6, the FBI’s 2025 Internet Crime Report, detailed how the Internet Crime Complaint… Read More "Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI"
Four popular Composer packages maintained by the Laravel-Lang organization were poisoned with malware after hackers rewrote all their Git tags, security researchers warn. The affected packages, namely laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions, are third-party localization libraries used by Laravel applications.… Read More "Laravel-Lang Packages Poisoned for Malware Delivery"
Before a single file is encrypted, ransomware runs a full staged operation on the endpoint: it achieves persistence via registry modifications, extracts credentials from memory using tools like Mimikatz, maps the network, moves laterally across systems using RDP or PsExec,… Read More "Endpoint Forensics in Ransomware Investigations"
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per… Read More "Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms"
From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October’s headlines offer a glimpse of what’s shaping cybersecurity right now 31 Oct 2025 As October 2025 draws to a close, ESET Chief Security… Read More "This month in security with Tony Anscombe – October 2025 edition"
A newly identified critical vulnerability dubbed GrafanaGhost has been used by attackers to silently extract sensitive enterprise data from Grafana environments. According to researchers at Noma’s Threat Research Team, the exploit bypasses client-side protections and AI guardrails, enabling unauthorized data… Read More "GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltrati"
